CryptoWall and Windows Server Backup

We have seen a number of CryptoWall infections over the last couple of months. In one case, we had to pay the ransom. My question relates to the potential encryption of backups. We have a number of clients running Windows Server Backup on Server 2008 or 2012. We back up to an external drive on the server. Does CryptoWall affect the Windows Server backup file when the server has been infected? I know that the latest variation deletes Shadow Copies, but cannot find a reference to the Windows Backup file. Most of our clients use ShadowProtect and we send their backups offsite. I feel pretty safe with those clients. However, some clients use the built-in Windows Server backup and do not send offsite.

Currently backups aren't affected yet. But that doesn't mean that a coming version of the virus will not be able to encrypt backups as well. The best course of action would be to make sure the backup media is only connected during the backup, and when it is finished, turned off. A further precaution is to rotate between different backup media so that should one media get corrupted, you still have an older version on another media available.

Another thing I forgot to mention: servers themselves shouldn't get infected (unless you are talking terminal servers), as people would need to be directly working on the server itself to get the virus installed on it. So only the users' workstations would be running the virus. As the normal PCs shouldn't have access to the backup files, they can't easily get changed by any malware.
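
The first precaution in the answer above (keep the backup disk reachable only while the job runs), sketched in PowerShell as an added example that is not part of the original thread. It assumes Server 2012 or later (the Storage module's `Get-Disk`/`Set-Disk`), an external disk that Windows reports as fixed and allows to be set offline, and a placeholder serial number. Taking the disk offline in software only narrows the exposure window, so physically powering the drive off and rotating media, as the answer recommends, still apply.

```powershell
# Added example (not from the thread). Run from an elevated prompt or a
# scheduled task running with highest privileges.
param(
    # Placeholder: replace with the serial shown by Get-Disk for your backup drive.
    [string]$DiskSerial = 'EXAMPLE-SERIAL-0001',
    # Volume(s) to back up, in wbadmin's -include syntax.
    [string]$Include = 'C:'
)
$ErrorActionPreference = 'Stop'

# Identify the backup disk by serial number, not drive letter, so that a
# different drive plugged into the same port is never used by mistake.
$disk = Get-Disk | Where-Object { "$($_.SerialNumber)".Trim() -eq $DiskSerial }
if (-not $disk) { throw "Backup disk $DiskSerial is not attached." }

try {
    # Bring the disk online and writable only for the duration of the job.
    # (-IsOffline and -IsReadOnly belong to separate parameter sets.)
    Set-Disk -Number $disk.Number -IsOffline $false
    Set-Disk -Number $disk.Number -IsReadOnly $false

    # Find the drive letter of the backup volume on that disk.
    $part = Get-Partition -DiskNumber $disk.Number |
        Where-Object { "$($_.DriveLetter)" -match '^[A-Z]$' } |
        Select-Object -First 1
    if (-not $part) { throw "No lettered volume found on disk $($disk.Number)." }
    $target = "$($part.DriveLetter):"

    # One-time Windows Server Backup job to the external volume.
    & wbadmin.exe start backup "-backupTarget:$target" "-include:$Include" -allCritical -quiet
    if ($LASTEXITCODE -ne 0) { throw "wbadmin failed with exit code $LASTEXITCODE." }

    # List the backup versions now stored on the target as a quick sanity check.
    & wbadmin.exe get versions "-backupTarget:$target"
}
finally {
    # Always take the disk offline again, even if the backup failed, so the
    # volume is not mounted (and not writable by ordinary file I/O) between jobs.
    Set-Disk -Number $disk.Number -IsOffline $true
}
```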